hk-market
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs outbound network requests via
curlto an external IP address (43.167.234.49). While this is necessary for its functionality as a market data tool, communication with a non-whitelisted external host is a data exposure risk. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests data from an external API (
http://43.167.234.49:3101) and processes it without defined boundary markers or sanitization, meaning malicious instructions returned by the API could influence the agent's behavior. - Ingestion points: API responses from
http://43.167.234.49:3101(SKILL.md). - Boundary markers: Absent. The skill does not instruct the agent to ignore or delimit instructions found within the financial data.
- Capability inventory: Execution of shell commands via
curland routing to other sub-skills. - Sanitization: Absent. There are no instructions for validating or escaping the content received from the remote API.
- [COMMAND_EXECUTION]: The instructions direct the agent to construct and execute bash commands where user-controlled variables (such as stock codes, symbols, and dates) are interpolated directly into a
curlstring. Without strict sanitization by the agent, this pattern is vulnerable to command injection if a user provides malicious input designed to break out of the command string.
Audit Metadata